1. Field of the Invention
The present invention relates to networks and, more specifically, to network security.
2. Description of the Related Art
Contemporary data networking standards support security functions for communicating network nodes at practically every layer of the Open Systems Interconnection (OSI) stack. For example, the OSI application layer can employ Secure Real-Time Transport Protocol (SRTP) security mechanisms; the OSI transport layer can employ Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) mechanisms; and the OSI network layer can employ Internet Protocol Security (IPSec) mechanisms. OSI link (or access) layer security mechanisms depend on and are specific to the employed link-layer standard and include, e.g., IEEE 802 security mechanisms, 3GPP UMTS and GSM security mechanisms, and 3GPP2 Cdma2000 and UMB security mechanisms. While frame formats, protocol exchanges, and security methods (e.g., encryption and authentication) are specified in the relevant standards and publications, specific mechanisms for establishing security associations and negotiating encryption algorithms are often subject to significant implementation variations.
One representative network-layer security mechanism for securing exchanges between any two IP addressable network nodes relies on the use of IPSec procedures coupled with Internet Key Exchange (IKE, version 1 or 2) procedures. This network-layer security mechanism is used, for example, in Mobile IPv6, a popular mobility management protocol for IPv6 (Internet Protocol, version 6) enabled devices, which is described in the IETF Network Working Group's Request for Comments No. 3775 (RFC 3775), the teachings of which are incorporated herein by reference. In Mobile IPv6, control messages (referred to as binding updates and binding acknowledgements) are exchanged between a mobile end point and a home agent to enable routing and forwarding of packets to and from the mobile end point. While the option of using IPSec for securing control messages is explicitly spelled out in Mobile IPv6, specific procedures for establishing a security association and providing relevant session keys are open to development and innovation.